An integrated circuit (“IC”), also known as a chip or a microchip, is a miniaturized electronic circuit used in electronic equipment such as computer, telephone, and digital applications. An IC is typically formed of semiconductor devices, such as silicon and germanium, as well as passive components such as capacitors, resistors, and diodes. Usually, an IC is manufactured on a thin substrate of semiconductor material. In recent years, cost in manufacturing of ICs, per transistor, has decreased. However, while lower cost increases the availability of manufacturing, ICs must be protected from threats such as cloning or copying as well as protected against misappropriation and unauthorized use. Threats may allow unauthorized access to encrypted data, replication of IC design including unauthorized use of intellectual property (“IP”) and hardware piracy or the illegal manufacturing of the ICs. Threats of cloning, misappropriation and unauthorized use of a security key are a problem, particularly in computer applications that use a security key in authentication protocols.
Many computer-based hardware security schemes exist to protect ICs from cloning and unauthorized use. These security schemes depend on accessibility to a security key or signature, such as a unique unclonable identifier derived from each IC. Security keys define the basis of computer-based hardware security mechanisms implemented at high levels of hardware security such as those mechanisms that perform encryption of data communication channels, or provide IP theft protection in computer-based logic devices including Field-Programmable Gate Arrays (“FPGAs”).
Conventional security keys are defined using digital data stored, for example, in a flash memory or read only memory (“ROM”) on the IC. From a security perspective, it is desirable that access to the security key is restricted to hardware circuits formed on the IC. Unfortunately, security keys stored using these conventional technologies are subject to invasive physical attacks which can allow an adversary to learn the secret key. If the secret key is learned by an adversary, then clones ICs can be created and security protocols can be compromised.
Random bitstrings may form the basis for encryption, identification, authentication, and feature activation in hardware security. In current technologies, keying material for encryption may be stored as digital bitstrings in non-volatile memory on FPGAs and Application Specific Integrated Circuit (“ASICs”). However, secrets stored this way may not be secure against a determined adversary, who can use probing attacks to steal the secret.
Physical Unclonable Functions (“PUFs”) may be used as alternative to storing digital bitstrings in non-volatile memory. A PUF refers to an IC hardware primitive that leverages entropy introduced by manufacturing variations to produce bitstrings, and may incorporate an on-chip infrastructure for measuring and digitizing the corresponding variations. PUFs may measure and digitize the natural variations that occur in path delays, leakage current, or SRAM power-up patterns, to produce a random bitstring.
Various techniques have been proposed to protect ICs using PUF implementations. Challenge-based IC authentication is one example. With challenge-based IC authentication, a secret key is embedded in the IC that enables the IC to generate a unique response to a challenge, which is valid only for that challenge. Thus, the key remains secret and the mechanism performing authentication is resistant to spoofing. Remote activation schemes are another example. Remote activation schemes enable IC designers to lock each IC at start-up and then enable it remotely, providing intellectual property protection and hardware metering. States are added to the finite state machine (“FSM”) of a design and control signals are added which are a function of the secret key. Therefore, the hardware locks up until receipt of a specific activation code. Other examples of PUF implementations include mismatched delay-lines, static random access memory (“SRAM”) power-on patterns, metal-oxide semiconductor (“MOS”) device mismatches and input dependent leakage patterns. However, each of these techniques has vulnerabilities related to misappropriation, cloning or unauthorized use of a security key for an IC.
Authentication is the process between a prover—e.g., a hardware token or smart card—and a verifier—a secure server or bank—that confirms identities using corroborative evidence of one or both parties. With the network of physical objects embedded with electronics, software, sensors, and network connectivity enabling the collection and exchange of data—referred to as the Internet-of-things (“IoT”)—there are a growing number of applications in which the hardware token is resource-constrained, and therefore, novel authentication techniques are required that are low in cost, energy and area overhead.
Conventional methods of authentication which use area-heavy cryptographic primitives and non-volatile memory (“NVM”) are less attractive for these types of evolving embedded applications. However, PUFs are hardware security and trust primitives that can address issues related to low cost because they eliminate (in most proposed authentication protocols) the need for NVM.
PUFs may be classified as a “strong PUF” or a “weak PUF”. “Strong PUFs” may reduce area and energy overheads by reducing the number and type of cryptographic primitives and operations whereas area overhead restricts the physical size of the entropy source in a “weak PUF”.
Most proposed “weak PUF” architectures require the insertion of a dedicated array of identically-designed test structures to serve as the entropy source in which the area overhead restricts the physical size of the entropy source. Although “weak PUFs” can be used for authentication, they require the insertion of obfuscation functions, e.g., cryptographic hash, encryption and XOR functions, to protect their limited amount entropy against adversarial interface attacks designed to machine learn the secrets.
On the other hand, most “strong PUFs” circumvent the limited amount of entropy within specialized test structures by leveraging the entropy available in existing on-chip resources. A “strong PUF” is able to produce a very large number of challenge-response-pairs (“CRPs”) for authentication operations.
As mentioned above, a PUF extracts entropy (randomness) from variations in the physical and electrical properties of ICs, which are unique to each IC, as a means of generating digital secrets (bitstrings). The bitstrings can serve the role of uniquely identifying the hardware tokens for authentication applications. The bitstrings are generated on-the-fly, thereby eliminating the need to store digital copies of them in NVM, and are (ideally) reproducible under a range of environmental variations. The ability to control the precise generation time of the secret bitstring and the sensitivity of the PUF entropy source to invasive probing attacks (which act to invalidate it) are additional attributes that make them attractive for authentication in resource-constrained hardware tokens. However, there is a demand to improve the reliability and security of ICs, particularly mitigating the vulnerability of security keys to threats including cloning, impersonation, misappropriation and unauthorized use. The invention satisfies this demand.